SUSE CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

PT-2026-38918

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Account users can register templates for direct download to primary storage when deploying instances using the KVM hypervisor. Due to missing...

PT-2026-38798

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

PT-2026-39212

Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...

WordPress plugin User Frontend 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

Ray 代码注入漏洞

Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray from 2.54.0 to 2.55.0 contained a code injection vulnerability. This vulnerability occurred when the PyArrow library read Parquet files by invoking arrowextdeserialize, allowin...

CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-564:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-564:01 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

CVE-2023-47268

PrusaSlicer through 2.6.1 is affected by a vulnerability in libslic3r’s GCode/PostProcessor.cpp where processing a crafted 3mf project file during slicing and G-code export can lead to arbitrary code execution on the host. Red Hat advisory confirms remote exploitation via specially crafted 3mf fi...

PT-2026-38797

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

PT-2026-38799

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

Important: Red Hat Security Advisory: mingw-libtiff security update

An update for mingw-libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SWnentries function in the file SWapi.c. An attacker can achieve arbitrary code execution or cause a denial of service by providing a specially crafted HDF-EOS file with DimensionName argument that...

CVE-2026-26956

A flaw was found in vm2, an open-source sandbox for Node.js. An attacker can exploit this vulnerability by running malicious code within the VM.run function, allowing them to escape the sandbox and gain access to the host process. This can lead to arbitrary code execution on the host system,...

CVE-2026-42215

GitPython CVE-2026-42215: A vulnerability in GitPython allows arbitrary command execution when attacker-controlled kwargs are passed to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() via the Python kwargs upload_pack/receive_pack. The default unsafe-options guard (allow_unsafe...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...